From 0e4f43dddee1e3ff3dd95af0eae3c9213d02f5f0 Mon Sep 17 00:00:00 2001
From: Morozov-5F
Date: Thu, 31 Dec 2020 18:14:50 +1100
Subject: [PATCH] secure boot v2: Fix crash if signature verification fails in app

sha_handle is "finished" when verify_secure_boot_signature() returns and should be nulled out. Alternative version of fix submitted in https://github.com/espressif/esp-idf/pull/6210
Closes https://github.com/espressif/esp-idf/pull/6210
Signed-off-by: Angus Gratton
---
 components/bootloader_support/src/esp_image_format.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c
index 92df9fd2f8..46465f9f85 100644
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -229,6 +229,7 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
 if (true) {
 #endif // end checking for JTAG
 err = verify_secure_boot_signature(sha_handle, data, image_digest, verified_digest);
+ sha_handle = NULL; // verify_secure_boot_signature finishes sha_handle
 }
 #else // SECURE_BOOT_CHECK_SIGNATURE
 // No secure boot, but SHA-256 can be appended for basic corruption detection
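Review bot: The ownership rule that the added `sha_handle = NULL;` depends on is recorded only in a trailing comment at this call site, so nothing on verify_secure_boot_signature() itself says that it must finish the handle on every return path, including the failure paths. If an early return is later added there that skips the finish, this unconditional reset would silently drop a live SHA context instead of letting image_load clean it up. I would state the contract on the callee, for example `/* Consumes sha_handle: it is finished on every return path, so the caller must not finish or reuse it. */`. The body of image_load starts and ends outside this hunk, so the cleanup code is not visible here; presumably it finishes any non-NULL handle, and it is worth confirming that the `#else` branch below resets the handle in the same way after its own verification call. A regression test that feeds an image with a bad signature and checks that `err` is returned without a crash would pin the fix.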